openSUSE 16 Security Update : python-PyNaCl (openSUSE-SU-2026:20650-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20650-1 advisory. Security fixes: - CVE-2025-69277: incorrect validation of elliptic curve points certain custom cryptography or untrusted data to...

SUSE-SU-2026:21431-1 Security update for python-PyNaCl

This update for python-PyNaCl fixes the following issues: Security fixes: - CVE-2025-69277: incorrect validation of elliptic curve points certain custom cryptography or untrusted data to cryptocoreed25519isvalidpoint function bsc1255764. Other fixes: - update to 1.6.2 bsc1255764, CVE-2025-69277:...

CVE-2026-33752

curlcffi is the a Python binding for curl. Prior to 0.15.0, curlcffi does not restrict requests to internal IP ranges, and follows redirects automatically via the underlying libcurl. Because of this, an attacker-controlled URL can redirect requests to internal services such as cloud metadata...

CVE-2026-33752 Redirect-based SSRF leading to internal network access in curl_cffi (with TLS impersonation bypass)

curlcffi is the a Python binding for curl. Prior to 0.15.0, curlcffi does not restrict requests to internal IP ranges, and follows redirects automatically via the underlying libcurl. Because of this, an attacker-controlled URL can redirect requests to internal services such as cloud metadata...

CVE-2026-33752

CVE-2026-33752 affects the Python binding curl_cffi for libcurl. Before version 0.15.0, curl_cffi does not restrict outbound requests to internal IP ranges and follows redirects automatically via libcurl. This enables an attacker-controlled URL to redirect to internal services (e.g., cloud metada...

curl_cffi 代码问题漏洞

curlcffi is a Python HTTP client library developed by Lexiforest personal developers, which supports browser fingerprint simulation. Versions of curlcffi prior to 0.15.0 have code vulnerabilities. These vulnerabilities stem from the lack of restrictions on requests directed to internal IP ranges,...

203-python-project-rc (>=0.2.0 <=0.2.2), 5mghost-rover (>=0.0.1 <=0.0.26) +1659 more potentially affected by CVE-2026-33752 via curl-cffi (>=0.10.0 <=0.15.0)

curl-cffi PYPI version =0.10.0, =0.2.0, =0.0.1, =1.0.0, =0.2.1, =0.1.3, =0.1.0, =0.2.0, =1.1.0, =0.1.1, =0.0.2, =0.4.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-33752 Source advisory: SNYK:PYTHON-CURLCFFI-15907859...

alpaxa-quant (>=1.0.0 <=1.0.2), auto-archiver (>=1.1.5 <=1.2.7) +67 more potentially affected by CVE-2026-33752 via curl-cffi (>=0.10.0 <=0.14.0)

curl-cffi PYPI version =0.10.0, =1.0.0, =1.1.5, =2.0.0, =0.1.0, =0.0.32, =0.3.0, =0.0.1, =0.1.0, =0.1.0, =3.1.9, =7.0.0, =8.10.0 - dailymotionx =0.2.0 and more Source cves: CVE-2026-33752 Source advisory: OSV:GHSA-QW2M-4PQF-RMPP...

Server-side Request Forgery (SSRF)

Overview curl-cffi is a python binding for curl-impersonate via cffi. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the handling of user-supplied URLs and automatic redirect following in the get function. An attacker can access internal network resources...

PT-2026-30271

Name of the Vulnerable Software and Affected Versions curl cffi affected versions not specified Description curl cffi does not restrict requests to internal IP ranges and automatically follows redirects via libcurl. This allows an attacker-controlled URL to redirect requests to internal services,...

[SECURITY] Fedora 42 Update: maturin-1.9.6-4.fc42

Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages...

[SECURITY] Fedora 43 Update: maturin-1.9.6-5.fc43

Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages...

[SECURITY] Fedora 44 Update: maturin-1.9.6-5.fc44

Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages...

RUSTSEC-2026-0038 RustSec Advisory

Impact Vulnerability Type: Improper Control of Generation of Code 'Code Injection' CWE-94 / Improper Check for Unusual or Exceptional Conditions CWE-754 / Improper Input Validation CWE-20 / Use of Low-Level Functionality CWE-695 / Improper Privilege Management CWE-269 / External Control of System...

[SECURITY] Fedora 42 Update: maturin-1.9.6-3.fc42

Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages...

[SECURITY] Fedora 43 Update: maturin-1.9.6-4.fc43

Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages...

[SECURITY] Fedora 43 Update: maturin-1.8.7-2.fc43

Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages...

[SECURITY] Fedora 42 Update: maturin-1.8.7-2.fc42

Build and publish crates with pyo3, rust-cpython and cffi bindings as well as rust binaries as python packages...

MAL-2025-47752 Malicious code in cffi-curl (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1bdc2d55f462ed9009995743e5bc50ed10641cffa24d5b16606e3a479fffae10 Malicious clone of a legitimate package "curl-cffi". When importing the module, it runs an obfuscated PowerShell command --- Category: MALICIOUS - The campaign...

Malicious code in cffi-curl (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1bdc2d55f462ed9009995743e5bc50ed10641cffa24d5b16606e3a479fffae10 Malicious clone of a legitimate package "curl-cffi". When importing the module, it runs an obfuscated PowerShell command --- Category: MALICIOUS - The campaign...